(57) A time period which is expended from a request for the authentication of the validity of a public key certificate until the authentication of the validity is shortened. A certificate validity authentication center VC periodically searches for and verifies paths which extend from a bridge certification authority CA_bridge to the individual terminal admitting certification authorities CA, and it registers the paths whose verification has held good in a path database, in association with the respective terminal admitting certification authorities CA. When an end entity EE requests the authentication of the validity of a certificate, it is checked whether or not both a path associated with the terminal admitting certification authority CA which admits the end entity and a path associated with the terminal admitting certification authority CA which has issued the subject certificate are registered in the path database, and the subject certificate is judged valid only when both paths are registered.
Description

BACKGROUND OF THE INVENTION 

[0001] The present invention relates to techniques in a PKI (Public Key Infrastructure), well suited for authenticating the validity of a public key certificate which serves to verify a signature on an electronic procedure received by a certain terminal and which has been issued by a certification authority different from the one trusted by the pertinent terminal.

[0002] In various organizations and parties on private and public bases, PKIs (Public Key Infrastructures) have been introduced and made ready for use in order to carry out electronically the manifold procedures which were taken with sheets of paper in the past.

[0003] Fig. 12 shows the relationship among a plurality of certification authorities which exist in a prior-art PKI.

[0004] As shown in the figure, the certification authorities, each issuing and managing public key certificates, form a group having a tree structure whose apex is the root certification authority CA1. The group is called a "security domain". The root certification authority CA1 issues public key certificates to the certification authorities CA2_1 - CA2_n which are located directly downstream of itself. Besides, each of the certification authorities CA2_1 - CA2_n issues public key certificates to the certification authorities CA3_1 - CA3_nm which are located directly downstream of itself. In this manner, each certification authority located directly upstream in the tree issues public key certificates to the certification authorities located directly downstream of itself. Further, each of the certification authorities located at the lowest level of the tree (hereinbelow called "terminal admitting certification authorities") CAS_1 - CAS_nm issues public key certificates to the user terminals taking electronic procedures (hereinbelow called "end entities") EE_1 - EE_x.

[0005] The legality of a secret key (signature key) which each of the end entities EE_1 - EE_x uses for the signature of an electronic document is certified by the public key certificate issued by that one of the terminal admitting certification authorities CAS_1 - CAS_nm which admits the pertinent end entity itself. In turn, the legality of a secret key which each of the terminal admitting certification authorities CAS_1 - CAS_nm uses for the signature of the issued public key certificates is certified by the public key certificate issued by that one of the certification authorities CA(S-1)_1 - CA(S-1)_n(m-1) which admits the pertinent terminal admitting certification authority itself. Accordingly, the secret key which is used for the signature by each of the end entities EE_1 - EE_x is finally certified by the public key certificate issued by the root certification authority CA1. The certification authority which finally certifies the legalities of the keys respectively used for the signatures by the end entities EE_1 - EE_x, in other words, which is trusted by the end entities EE_1 - EE_x and which is located at the top of the tree, is called the "trust anchor".

[0006] Referring to Fig. 12, the end entity EE_1 affixes a signature to an electronic document, such as a written application, to be transmitted to the end entity EE_x, by using the secret key of the end entity EE_1 itself. Besides, the end entity EE_1 attaches to the signed electronic document a public key certificate which pairs with the above secret key and which has been issued by the terminal admitting certification authority CAS_1 admitting this end entity EE_1, and it transmits the document and the certificate to the end entity EE_x.

[0007] The end entity EE_x can verify the signature of the electronic document received from the end entity EE_1 by employing the public key certificate attached to this electronic document. Since, however, the public key certificate is not one issued by the terminal admitting certification authority CAS_nm admitting the end entity EE_x, this end entity EE_x cannot immediately trust the pertinent public key certificate. In this case, the end entity EE_x must authenticate that the validity of the pertinent public key certificate is certified by the root certification authority CA1, which is the trust anchor of the end entity EE_x itself. The validity authentication process for the public key certificate is executed by the following steps:

(1) Search for Path from Trust Anchor to Certification Authority Which Is the Issue Origin of the Public Key Certificate

[0008] With the trust anchor (here, the root certification authority CA1) set as the start certification authority, the issue destinations of the public key certificates issued by the start certification authority are inspected; if any downstream certification authorities are included among the inspected issue destinations, the issue destinations of the public key certificates issued by those downstream certification authorities are inspected in turn. This is continued until the certification authority being the issue origin of the pertinent public key certificate (here, the terminal admitting certification authority CAS_1 admitting the end entity EE_1) is included among the inspected issue destinations. Thus, a path from the trust anchor to the certification authority being the issue origin of the pertinent public key certificate is found.

(2) Verification of Detected Path

[0009] The public key certificates issued by the individual certification authorities located on the path detected in step (1) to the certification authorities located directly downstream of them on the path are obtained. Then the signature of the public key certificate whose validity is to be authenticated (here, the public key certificate issued to the end entity EE_1 by the terminal admitting certification authority CAS_1) is verified against the public key certificate issued by the certification authority (here, CA(S-1)_1) located directly upstream of the certification authority (here, CAS_1) having issued the pertinent public key certificate. If the verification holds good, the signature of the public key certificate issued by that directly upstream certification authority is verified in the same way against the public key certificate issued by the certification authority located still further upstream, and so on, until the upstream certification authority reaches the trust anchor. When such signature verification has held good all the way up to the trust anchor, the validity of the public key certificate to be authenticated is regarded as authenticated.

[0010] The end entity EE_x can thus authenticate the legality of the electronic document received from the end entity EE_1 by verifying the signature of the electronic document using the public key certificate attached to it, and by authenticating the validity of that public key certificate in accordance with steps (1) and (2) stated above.
[0011] Incidentally, it is premised in the foregoing that the process for authenticating the validity of the public key certificate is executed in the end entity. However, the certificate validity authentication process is heavy in load, and a high processing capability is required of the end entity for the execution of the process. It has therefore been proposed in the IETF (the delegated path discovery and validation work of the PKIX working group, from which SCVP later emerged) that a server for authenticating the validity of a certificate, connected to the end entity through a network, be provided so as to authenticate the validity of the public key certificate instead of the end entity.

SUMMARY OF THE INVENTION 

[0012] A certificate validity authenticating server as hitherto proposed authenticates the validity of a public key certificate by executing steps (1) and (2) stated before each time it accepts a request from an end entity. Therefore, at least the time period for executing steps (1) and (2) is expended from the request of the end entity for the authentication of the validity of the public key certificate until the result of the authentication is obtained.

[0013] Besides, although the example of Fig. 12 is premised on only one security domain, a plurality of security domains can be expected to coexist, since PKIs have been introduced and made ready for use in various organizations and parties on private and public bases as explained before. Even among different security domains, the process for authenticating the validity of a public key certificate indicated by steps (1) and (2) can be realized by performing cross-certification, in such a way that the root certification authorities of the individual security domains issue public key certificates to each other, or by providing a bridge certification authority which performs such cross-certification with each of the root certification authorities of the individual security domains. However, when the process for authenticating the validity of a public key certificate is executed among a plurality of security domains in this manner, the number of certification authorities increases and the relationship among the certification authorities becomes more complicated than the simple tree structure shown in Fig. 12, so that the load for executing steps (1) and (2) increases. Therefore, the time period expended from the request of the end entity for the authentication of the validity of the public key certificate until the result of the authentication is obtained is further lengthened, degrading the service.

[0014] The present invention has been made in view of the above circumstances, and has for its object to shorten the time period which is expended from a request for the authentication of the validity of a public key certificate until the authentication of the validity.

[0015] In order to accomplish the object, according to the present invention, in a certificate validity authenticating server which is connected to pluralities of terminals (end entities) and certification authorities through a network, the processing stated below is executed in compliance with a request made by a certain terminal, in order to authenticate the validity of a public key certificate issued by a certification authority which is different from the certification authority trusted by the terminal.

[0016] Irrespective of any request of a terminal for authenticating the validity of a public key certificate, for example periodically, there are performed:

the path search step of executing a process in which, with any certification authority set as a start certification authority, the issue destinations of the public key certificates issued by the start certification authority are checked and, for any certification authority included among those issue destinations, the issue destinations of the public key certificates issued by that issue-destination certification authority are checked in turn, the process being continued until all of the issue destinations of the public key certificates are terminals, thereby searching for the paths which extend from said start certification authority to the terminal admitting certification authorities having issued public key certificates to terminals;

the path verification step of executing, for each of the paths detected by said path search step, a process in which, with said start certification authority at the upstream side, the signature of the public key certificate issued by the terminal admitting certification authority on the pertinent path is verified against the public key certificate issued by the certification authority located directly upstream and, if the verification holds good, the signature of the public key certificate issued by that certification authority located directly upstream is verified against the public key certificate issued by the certification authority located still further upstream, the process being continued until the certification authority located directly upstream is said start certification authority, thereby verifying said paths; and

the path registration step of registering in a database those of said paths whose verification has held good in said path verification step.

[0017] Besides, in a case where the certain terminal has made a request for authenticating the validity of a public key certificate issued by a terminal admitting certification authority which is different from the certification authority trusted by said terminal, the validity of said public key certificate is authenticated by checking whether or not both the path between said certification authority trusted by said terminal and said start certification authority, and the path between the different terminal admitting certification authority and said start certification authority, are registered in the database.

[0018] According to the present invention, when the request for authenticating the validity of the public key certificate has been received from the certain terminal, the reception need not be followed by the search for the path from the trust anchor of the pertinent terminal to the issue-origin certification authority of the subject public key certificate, nor by the verification of the detected path, as mentioned in items (1) and (2) before. It is accordingly possible to shorten the time period which is expended from the request for the authentication of the validity of the public key certificate until the authentication of the validity.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0019] 

Fig. 1 is a diagram showing the schematic architecture of a PKI system to which an embodiment of the present invention is applied;
Fig. 2 is a diagram showing an example of the relationship among individual certification authorities CA in the PKI system shown in Fig. 1;
Fig. 3 is a block diagram showing the schematic construction of an end entity EE shown in Fig. 1;
Fig. 4 is a block diagram showing the schematic construction of the certification authority CA shown in Fig. 1;
Fig. 5 is a block diagram showing the schematic construction of a certificate validity authentication center VC shown in Fig. 1;
Fig. 6 is a block diagram showing an example of the hardware construction of each of the end entity EE, certification authority CA and certificate validity authentication center VC which are respectively shown in Figs. 3, 4 and 5;
Fig. 7 is a flow chart for explaining the operation of searching for, verifying and managing paths as executed in the certificate validity authentication center VC shown in Fig. 5;
Fig. 8 is a flow chart for explaining the operation of searching for, verifying and managing the paths as executed in the certificate validity authentication center VC shown in Fig. 5;
Fig. 9 is a diagram showing the paths which extend from the bridge certification authority CA_bridge to the respective terminal admitting certification authorities CA, and which are detected by the path search unit 32 of the certificate validity authentication center VC in the case where the certification authorities CA are in the relationship shown in Fig. 2;
Fig. 10 is a flow chart for explaining the operation of authenticating the validity of a public key certificate as executed in the certificate validity authentication center VC shown in Fig. 5;
Fig. 11 is a flow chart for explaining the operation of authenticating the validity of the public key certificate as executed in the certificate validity authentication center VC shown in Fig. 5; and
Fig. 12 is a diagram showing an example of the relationship among a plurality of certification authorities which exist in a prior-art PKI.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0020] Now, embodiments of the present invention will be described.

[0021] Fig. 1 is a diagram showing the schematic architecture of a PKI system to which an embodiment of the present invention is applied.

[0022] As shown in the figure, the PKI system of this embodiment is so constructed that a plurality of end entities EE, which are user terminals for taking electronic procedures or request accepting servers which accept requests from user terminals so as to take electronic procedures on their behalf, a plurality of certification authorities CA for issuing and managing public key certificates, and a certificate validity authentication center VC for authenticating the validity of a public key certificate in compliance with a request made by an end entity EE, are interconnected through a network NET formed of, for example, LANs, WANs and the Internet.

[0023] Fig. 2 is a diagram showing an example of the relationship among the individual certification authorities CA in the PKI system shown in Fig. 1.

[0024] As shown in the figure, it is premised in the PKI system of this embodiment that a plurality of security domains SD (SD1 - SD3) on private and governmental bases coexist. Some of the security domains SD (SD2 and SD3 in Fig. 2) are assumed to be so related that their root certification authorities CA (CA21 and CA31 in Fig. 2) perform cross-certification by, for example, issuing public key certificates to each other. Besides, the root certification authorities CA of the respective security domains SD (CA11, CA21 and CA31 in Fig. 2) are assumed to perform cross-certification with a bridge certification authority CA_bridge by, for example, issuing public key certificates to the bridge certification authority CA_bridge and also having public key certificates issued to them by the bridge certification authority CA_bridge. In this way, a path can be formed between a certification authority CA belonging to one of the security domains SD and a certification authority CA belonging to another, so that the validity of a public key certificate issued by the one certification authority CA may be authenticated through the other certification authority CA.

[0025] Next, the end entity EE, certification authority CA and certificate validity authentication center VC which constitute the PKI system described above will be explained.

[0026] First, the end entity EE will be explained.

[0027] Fig. 3 is a block diagram showing the schematic construction of the end entity EE.

[0028] As shown in the figure, the end entity EE includes a processing unit 10a, a storage unit 10b, a communication unit 16 which serves to communicate with other devices through the network NET, and an input/output unit 17 which inputs/outputs electronic documents created by users or electronic documents received from other end entities EE or user terminals, and which accepts instructions given by the users.

[0029] The processing unit 10a includes a signature generation unit 14, a signature verification unit 15, and a control unit 18 which collectively controls the various units of the end entity EE.

[0030] The storage unit 10b includes an electronic document holding unit 11 which holds the electronic documents created by the users (or received from the user terminals, in the case where the end entity EE is the accepting server), a key holding unit 12 which holds secret keys (signature keys) and the public key certificates pairing with the respective secret keys, and a verification subject holding unit 13 which holds signed electronic documents and public key certificates received from other end entities EE.

[0031] In such a construction, when the control unit 18 has accepted from the user through the input/output unit 17 an instruction that an electronic document held in the electronic document holding unit 11 is to be transmitted to another end entity EE, it reads out the pertinent electronic document from the electronic document holding unit 11 and delivers it to the signature generation unit 14. Then, the signature generation unit 14 generates a signature for the pertinent electronic document by using a secret key held in the key holding unit 12. Thereafter, the control unit 18 creates a signed electronic document by affixing the signature created by the signature generation unit 14 to the electronic document read out of the electronic document holding unit 11. Further, it attaches the public key certificate held in the key holding unit 12 to the signed electronic document so created, whereupon it transmits them through the communication unit 16 to the address of the end entity EE indicated by the user as the transmission destination.

[0032] In addition, when the control unit 18 has received a signed electronic document and a public key certificate from another end entity EE through the communication unit 16, it causes the verification subject holding unit 13 to hold them and simultaneously notifies the signature verification unit 15 of this. Then, the signature verification unit 15 verifies the signature of the signed electronic document held in the verification subject holding unit 13 by using the public key certificate received together with this electronic document. Here, only in the case where the verification has held good is the signed electronic document dealt with as legal, and it is output from the input/output unit 17 as may be needed.

[0033] However, in the case where, in spite of the signature verification having held good, the public key certificate used for this signature verification has been issued by a terminal admitting certification authority CA other than the terminal admitting certification authority CA which admits the end entity EE itself (that is, which has issued the public key certificate to this end entity EE), the signature verification unit 15 transmits to the certificate validity authentication center VC a request for authenticating the validity of the public key certificate used for the signature verification. On this occasion, if necessary, a trustworthiness (policy) indicating the level of certification and/or assurance required of the certification authority is contained in the authentication request. Thus, only in the case where the validity of the pertinent public key certificate has been authenticated by the certificate validity authentication center VC is the signed electronic document dealt with as legal, and it is output from the input/output unit 17 as may be needed. Herein, the trustworthiness is indicated by the amount of business, or the like, of the electronic procedure to be taken with the signed electronic document. Besides, the trustworthiness may be indicated, for example, by the confidentiality of the document to be dealt with, or by the trustworthiness required of the signer of the signed electronic document (such as whether the signer must appear in person, or whether processing via a network is acceptable).

[0034] Next, the certification authority CA will be explained.

[0035] Fig. 4 is a block diagram showing the schematic construction of the certification authority CA.

[0036] As shown in the figure, the certification authority CA includes a processing unit 20a, a storage unit 20b, a communication unit 26 which serves to communicate with other devices through the network NET, and an input/output unit 27 which inputs/outputs public key certificates etc. and which accepts instructions given by users.
[0037] The processing unit 20a includes an issue unit 21 which issues public key certificates, a management unit 22 which manages the public key certificates issued by the issue unit 21, and a control unit 28 which collectively controls the various units of the certification authority CA.

[0038] The storage unit 20b includes a public key certificate database 23 which holds the public key certificates issued by the issue unit 21, an issue destination management list holding unit 24 which holds an issue destination management list describing the issue destinations of the respective public key certificates held in the public key certificate database 23, and a certificate revocation list (CRL) holding unit 25.

[0039] In such a construction, when the control unit 28 has accepted a request for the issue of a public key certificate through the input/output unit 27 or the communication unit 26, it notifies the issue unit 21 of the acceptance of the request. Then, the issue unit 21 creates a secret key (signature key) which the requester of the issue uses for the generation of signatures, and the public key certificate which pairs with the secret key. (In this embodiment the certification authority generates the secret key on behalf of the requester; in common practice the key pair is generated by the requester itself so that the secret key never leaves its holder, and only the public key is submitted for certification.) On this occasion, the issue unit 21 signs the public key certificate by using the secret key of its own certification authority CA. Besides, if necessary, the issue unit 21 describes in the public key certificate the validity term of this public key certificate, constraints on the names that may appear in certificates further down a path from it, by which certification authorities outside the permitted names are not trusted (Name Constraints), the maximum path length which is allowed for the authentication of the validity of the pertinent public key certificate (the maximum allowable number of certification authorities on a path), and the trustworthiness (policy) of a signature based on the secret key pairing with the pertinent public key certificate, as expressed by the amount of business, or the like, of the electronic procedure. Thereafter, the created public key certificate and secret key are delivered to the issue requester by mail or by communication through the input/output unit 27 or the communication unit 26. Also, the pertinent public key certificate is registered in the public key certificate database 23, and the information of the issue destination (that is, the issue requester) is described in the issue destination management list held in the issue destination management list holding unit 24.

[0040] In addition, when the control unit 28 has accepted a request for the revocation of a public key certificate through the input/output unit 27 or the communication unit 26, it notifies the management unit 22 of the acceptance of the request. Then, the management unit 22 deletes the public key certificate to be revoked from the public key certificate database 23 and simultaneously deletes the information of the issue destination of the pertinent public key certificate from the issue destination management list held in the issue destination management list holding unit 24. However, it is not essential to delete the public key certificate to be revoked from the public key certificate database 23. Further, the management unit 22 periodically creates a certificate revocation list (abbreviated to "CRL"; a CRL covering certificates issued to certification authorities is also called an "ARL", short for authority revocation list) in which information items about the revoked public key certificates are described, and it causes the CRL holding unit 25 to hold the CRL. Incidentally, the management unit 22 describes in the created CRL the next date and hour at which a CRL is scheduled to be created.

[0041] Yet in addition, when the control unit 28 has received a query about the revocation of a public key certificate from another device through the communication unit 26, it searches the certificate revocation list held in the CRL holding unit 25 to check whether or not the queried public key certificate has been revoked. Besides, the control unit 28 notifies the result of the check as a reply to the querying device through the communication unit 26 (the communication protocol used for such a query and reply is OCSP, short for "Online Certificate Status Protocol").

[0042] Incidentally, the management unit 22 also executes a process for examining the validity terms of the individual public key certificates stored in the public key certificate database 23, so as to delete any public key certificate whose validity term has expired from the public key certificate database 23, and to delete the information of the issue destination of the pertinent public key certificate from the issue destination management list held in the issue destination management list holding unit 24.

[0043] Next, the certificate validity authentication center VC will be explained.

[0044] Fig. 5 is a block diagram showing the schematic construction of the certificate validity authentication center VC.

[0045] As shown in the figure, the certificate validity authentication center VC includes a processing unit 30a, a storage unit 30b, a communication unit 36 which serves to communicate with other devices through the network NET, and an input/output unit 37 which inputs/outputs public key certificates etc. and which accepts instructions given by users.

[0046] The processing unit 30a includes a path search unit 32, a path verification unit 33, a validity term/revocation state examination unit 34, a validity authentication unit 35, and a control unit 38 which collectively controls the various units of the certificate validity authentication center VC. On the other hand, the storage unit 30b includes a path database 31 and a certificate revocation list (CRL) creation schedule time database 39.

[0047] The path search unit 32 periodically searches for paths which extend from the bridge certification authority CA_bridge to the individual terminal admitting certification authorities CA having issued public key certificates to the end entities EE.

[0048] Each time a path has been found by the path search unit 32, the path verification unit 33 verifies the path detected by the path search unit 32. The path verification unit 33 registers each path whose verification has held good in the path database 31. Herein, the path is registered in association with the name of the terminal admitting certification authority CA located at the downmost stream of the path relative to the upstream bridge certification authority CAbridge, and with the public key certificates obtained from the certification authorities CA on the path, namely those issued by each of these certification authorities CA to the certification authority CA located directly downstream of it (or to the end entities EE, where the issuing certification authority CA is the terminal admitting certification authority CA).
[0049] The validity term/revocation state examination unit 34 examines the validity terms and revocation states of the public key certificates of each of the paths registered in the path database 31. These public key certificates are the ones issued by the certification authorities CA on the path to the certification authorities CA respectively located directly downstream of the issue-origin certification authorities CA on the path (or to the end entities EE, where the issue-origin certification authority CA is the terminal admitting certification authority CA). Further, the unit 34 updates the path database 31 in accordance with the result of the examination.

[0050] In addition, the validity term/revocation state examination unit 34 registers the next CRL creation schedule times described in the CRLs (certificate revocation lists) obtained from the CRL holding units 25 of the respective certification authorities CA in the CRL creation schedule time database 39, in association with the pertinent certification authorities CA.

[0051] In compliance with a request made by an end entity EE, the validity authentication unit 35 authenticates, on behalf of the terminal admitting certification authority CA admitting that end entity EE, the validity of a public key certificate issued by any terminal admitting certification authority CA other than the terminal admitting certification authority CA admitting the pertinent end entity EE.

[0052] Incidentally, the end entity EE, certification authority CA and certificate validity authentication center VC shown in Figs. 3-5 can each be realized, for example, in such a way that a CPU 61 runs predetermined programs loaded in a memory 62 in a general electronic computer as shown in Fig. 6. More specifically, the electronic computer includes the CPU 61, the memory 62, an external storage device 63 such as a hard disk, a read device 64 which reads information from a portable storage medium 69 such as a CD-ROM, a communication device 65 which serves to communicate with other devices through the network, an input device 66 such as a keyboard or mouse, an output device 67 such as a monitor or printer, and an interface 68 which exchanges data among the constituent devices. Thus, the communication units 16, 26 and 36 are realized in such a way that the CPU 61 utilizes the communication device 65; the input/output units 17, 27 and 37 in such a way that the CPU 61 utilizes the input device 66, output device 67 and read device 64; and the storage units 10b, 20b and 30b in such a way that the CPU 61 utilizes the memory 62 and external storage device 63. Besides, the processing units 10a, 20a and 30a are realized as processes on the CPU 61.

[0053] The predetermined programs for realizing the end entity EE, certification authority CA and certificate validity authentication center VC on the electronic computer may be read out of the storage medium 69 through the read device 64, or downloaded from another server via the network through the communication device 65, so as to be loaded into the memory 62 either after being once stored in the external storage device 63 or directly without being stored in the external storage device 63, whereupon they are run by the CPU 61.
[0054] Next, the operation of the certificate validity authentication center VC of the above construction will be explained.

[0055] The operation of the certificate validity authentication center VC in this embodiment is divided into the operation of searching for, verifying and managing paths, and the operation of authenticating the validity of a public key certificate.

[0056] There will now be explained the operation of searching for, verifying and managing paths.

[0057] Figs. 7 and 8 are flow charts for explaining the operation of searching for, verifying and managing paths as executed in the certificate validity authentication center VC in this embodiment.

[0058] Referring to Fig. 7, when a predetermined time period (for example, one day) has lapsed (step S1001), the control unit 38 requests the path search unit 32 to search for paths. Then, the path search unit 32 searches for paths which extend from the bridge certification authority CAbridge to the individual terminal admitting certification authorities CA (step S1002).

[0059] Concretely, the path search unit 32 accesses the issue destination management list holding unit 24 of the bridge certification authority CAbridge so as to obtain the information items of the issue destinations of the public key certificates issued by the bridge certification authority CAbridge. Subsequently, in a case where the issue destinations obtained are certification authorities CA, the path search unit 32 accesses the issue destination management list holding unit 24 of the certification authority CA of each issue destination so as to further inspect the issue destinations of the public key certificates issued by that certification authority CA. Such a process is continued until the issue destinations of public key certificates become the end entities EE, thereby searching for the paths which extend from the bridge certification authority CAbridge to the individual terminal admitting certification authorities CA. Here, in order to prevent the process from being iterated limitlessly due to a loop in the paths, in a case where the issue destinations obtained from the issue destination management list holding unit 24 of a certain certification authority CA include any certification authority CA which is located upstream on the partial path formed before, the process in which that certification authority CA is the issue destination is not executed.
[0060] The path search process at the step S1002 will be elucidated more concretely by taking as an example the case where the individual certification authorities CA are in the relationship shown in Fig. 2.

[0061] First, the path search unit 32 accesses the issue destination management list holding unit 24 of the bridge certification authority CAbridge so as to obtain the information items of the certification authorities CA11, CA21 and CA31 as the information items of the issue destinations of the public key certificates issued by the bridge certification authority CAbridge.

[0062] Subsequently, the path search unit 32 executes the following process by noticing any one of the issue destinations (certification authorities CA11, CA21 and CA31) obtained from the bridge certification authority CAbridge.

[0063] If the noticed issue destination is a certification authority CA (hereinbelow called the "noticed certification authority CA"), the path search unit 32 sets a partial path with the bridge certification authority CAbridge located upstream, along the bridge certification authority CAbridge - noticed certification authority CA. Subsequently, the path search unit 32 accesses the issue destination management list holding unit 24 of the noticed certification authority CA so as to further obtain the information items of the issue destinations of the public key certificates issued by this noticed certification authority CA. It is assumed here that the noticed issue destination is the certification authority CA11, so that the partial path is set along the bridge certification authority CAbridge - certification authority CA11, and that the information items of the certification authorities CAbridge, CA12 and CA13 are obtained as the information items of the issue destinations from the certification authority CA11.

[0064] Subsequently, the path search unit 32 checks whether or not any certification authority CA on the partial path (hereinbelow called a "loop certification authority CA") is included among the issue destinations (CAbridge, CA12 and CA13) obtained from the certification authority CA11. In a case where any such issue destination (certification authority CA) is included, it is excluded from the subjects to be handled. Accordingly, the certification authority CAbridge is excluded from the subjects to be handled here. Subsequently, the path search unit 32 checks whether or not any end entity EE is included among the issue destinations obtained from the certification authority CA11. In a case where an end entity EE is included, the certification authority CA11 becomes a terminal admitting certification authority. Here, however, no end entity EE is included among the issue destinations obtained from the certification authority CA11. Accordingly, the path search unit 32 notices either of the issue destinations other than the loop certification authority CA as obtained from the certification authority CA11 (that is, the certification authorities CA12 and CA13), in order to stretch the partial path which has been set along the bridge certification authority CAbridge - certification authority CA11 up to a terminal admitting certification authority CA.

[0065] If the noticed issue destination is a certification authority CA, the path search unit 32 sets a partial path connecting this noticed certification authority CA downstream of the partial path set before. Subsequently, the path search unit 32 accesses the issue destination management list holding unit 24 of the noticed certification authority CA so as to further obtain the information items of the issue destinations of the public key certificates issued by this noticed certification authority CA. It is assumed here that the noticed issue destination (certification authority CA) is the certification authority CA12, so that the partial path is set along the bridge certification authority CAbridge - certification authority CA11 - certification authority CA12, and that the end entities EE1 and EE2 are obtained as the information items of the issue destinations from the certification authority CA12.

[0066] Subsequently, the path search unit 32 checks whether or not any loop certification authority CA is included among the issue destinations (EE1 and EE2) obtained from the certification authority CA12. In a case where any such issue destination (loop certification authority CA) is included, it is excluded from the subjects to be handled. Since no loop certification authority CA is included here, the path search unit 32 shifts to the next process and checks whether or not any end entity EE is included among the issue destinations obtained from the certification authority CA12. Here, all the obtained issue destinations are end entities EE, so that the certification authority CA12 is a terminal admitting certification authority. Therefore, the path search unit 32 detects the partial path on which the certification authority CA12 is located at the downmost stream as the path which extends from the bridge certification authority CAbridge to the terminal admitting certification authority CA12 (CAbridge - CA11 - CA12).

[0067] Subsequently, the path search unit 32 checks whether or not any issue destination (certification authority CA other than a loop certification authority CA) which has not been noticed yet exists among the information items of the issue destinations obtained from the certification authority CA12 located at the downmost stream of the detected path. If such an issue destination exists, the unit 32 continues the above process with this issue destination as the noticed certification authority CA. If no such issue destination exists, the unit 32 checks whether or not any issue destination (certification authority CA other than a loop certification authority CA) which has not been noticed yet exists among the information items of the issue destinations obtained from the certification authority CA11 located directly upstream. If such an issue destination exists, the unit 32 continues the above process with this issue destination as the noticed certification authority CA. Here, the certification authority CA13 has not been noticed yet among the information items of the issue destinations obtained from the certification authority CA11, so that the unit 32 executes the above process with the certification authority CA13 as the noticed certification authority CA, thereby detecting the path which extends from the bridge certification authority CAbridge to the terminal admitting certification authority CA13 (CAbridge - CA11 - CA13).

[0068] In this manner, the path search unit 32 continues the above process for each of the certification authorities CA located on the detected paths, until no issue destination (certification authority CA other than a loop certification authority CA) that has not been noticed yet remains among the information items of the issue destinations obtained from the pertinent certification authority CA. Thus, the unit 32 detects the paths which extend from the bridge certification authority CAbridge to the respective terminal admitting certification authorities CA. As a result, in the case where the individual certification authorities CA are in the relationship shown in Fig. 2, the paths from the bridge certification authority CAbridge to the respective terminal admitting certification authorities CA detected by the path search unit 32 become as shown in Fig. 9.
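The search of steps S1001-S1002 and the walk through [0061]-[0068], written out as an added Python example (not code from the patent). The issue-destination lists are constructed: CA11/CA12/CA13 follow the text, while the CA21/CA22/CA31 branch is invented to show a CA that both admits end entities and certifies a further CA.

```python
from typing import Dict, List

BRIDGE = "CAbridge"

# Constructed issue-destination lists, a stand-in for the issue destination
# management list holding unit 24 of each CA.  Keys are CA names; values are
# the names the CA has issued public key certificates to.  Names beginning
# with "EE" are end entities.  CA11/CA12/CA13 follow [0061]-[0067]; the
# CA21/CA22/CA31 branch is constructed for this example.
ISSUE_DESTINATIONS: Dict[str, List[str]] = {
    "CAbridge": ["CA11", "CA21", "CA31"],
    "CA11": ["CAbridge", "CA12", "CA13"],  # CAbridge is a loop CA from CA11
    "CA12": ["EE1", "EE2"],
    "CA13": ["CA11", "EE3"],               # constructed: cross-certificate back to CA11
    "CA21": ["CA22", "EE4"],               # constructed: terminal CA that is also a parent
    "CA22": ["CA21", "EE5"],               # constructed: loop with CA21
    "CA31": ["CA21", "EE6"],               # constructed
}


def is_end_entity(name: str) -> bool:
    """Naming convention of the constructed sample."""
    return name.startswith("EE")


def search_paths(issue_destinations: Dict[str, List[str]],
                 bridge: str = BRIDGE) -> List[List[str]]:
    """Return every path from the bridge CA to a terminal admitting CA.

    The CA at the downmost stream of the partial path is a terminal admitting
    CA when at least one of its issue destinations is an end entity; the
    partial path is then recorded as a detected path.  Issue destinations that
    already lie on the partial path ("loop CAs") are excluded, which keeps the
    search finite.  The search then continues into every not-yet-noticed CA
    among the remaining issue destinations, so a CA that both admits end
    entities and certifies further CAs yields a path of its own and extends
    the search.
    """
    detected: List[List[str]] = []

    def extend(partial: List[str]) -> None:
        noticed = partial[-1]
        destinations = issue_destinations.get(noticed, [])
        # Exclude loop CAs: destinations already located on the partial path.
        candidates = [d for d in destinations if d not in partial]
        if any(is_end_entity(d) for d in candidates):
            detected.append(list(partial))
        for d in candidates:
            if not is_end_entity(d):
                extend(partial + [d])

    extend([bridge])
    return detected


def paths_by_terminal_ca(paths: List[List[str]]) -> Dict[str, List[List[str]]]:
    """Group detected paths by the terminal admitting CA at their downmost
    stream, the key under which the path database 31 registers them."""
    grouped: Dict[str, List[List[str]]] = {}
    for p in paths:
        grouped.setdefault(p[-1], []).append(p)
    return grouped


if __name__ == "__main__":
    for path in search_paths(ISSUE_DESTINATIONS):
        print(" - ".join(path))
```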
[0069] Meanwhile, when the paths extending from the bridge certification authority CAbridge to the respective terminal admitting certification authorities CA have been detected by the path search unit 32, the control unit 38 of the certificate validity authentication center VC requests the path verification unit 33 to verify the paths. Then, the path verification unit 33 verifies the paths detected by the path search unit 32 (step S1003).

[0070] Concretely, the path verification unit 33 executes the following process for each of the paths detected by the path search unit 32.

[0071] First, the path verification unit 33 accesses the public key certificate databases 23 of the individual certification authorities CA on each path so as to obtain the public key certificates which these certification authorities CA have issued to the certification authorities CA respectively located directly downstream on the pertinent path (or to the end entities EE, in a case where the access-destination certification authority CA is the terminal admitting certification authority CA).

[0072] Subsequently, the path verification unit 33 verifies the signature of the public key certificate issued by the terminal admitting certification authority CA located at the downmost stream of the path, in the light of the public key certificate issued by the certification authority CA located directly upstream. In a case where the verification has held good, the unit 33 verifies the signature of the public key certificate issued by that certification authority CA located directly upstream, in the light of the public key certificate issued by the certification authority CA located directly upstream of it in turn. Such a process is continued until the certification authority CA located directly upstream becomes the bridge certification authority CAbridge, thereby tentatively verifying the pertinent path.

[0073] By way of example, in the case of tentatively verifying the path which extends from the bridge certification authority CAbridge to the terminal admitting certification authority CA13 (CAbridge - CA11 - CA13) in Fig. 2, the signature of the public key certificate issued by the terminal admitting certification authority CA13 is first verified using the public key certificate which the root certification authority CA11, being the certification authority CA located directly upstream of the terminal admitting certification authority CA13, has issued to this terminal admitting certification authority CA13. Subsequently, in a case where the verification has held good, the signature of the public key certificate issued by the root certification authority CA11 is verified using the public key certificate which the bridge certification authority CAbridge, being the certification authority CA located directly upstream of the root certification authority CA11, has issued to this root certification authority CA11. In a case where this verification has also held good, the tentative verification of the path which extends from the bridge certification authority CAbridge to the terminal admitting certification authority CA13 has held good.
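The tentative verification of [0072]-[0073], as an added Python example (not the patent's code). Real signature verification is replaced by a constructed HMAC stand-in in which each holder's key string serves both as its signing key and as the "public key" written into the certificate issued to it, and the VC's own copy of the bridge key is assumed to be its trust anchor.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Cert:
    subject: str      # entity the certificate was issued to
    issuer: str       # CA that issued it
    public_key: str   # stand-in for the subject's public key
    signature: bytes  # stand-in for the issuer's signature over (subject, public_key)


def _to_be_signed(subject: str, public_key: str) -> bytes:
    return f"{subject}|{public_key}".encode()


def issue(issuer: str, issuer_key: str, subject: str, subject_key: str) -> Cert:
    """Constructed stand-in for issuance: an HMAC under the issuer's key plays
    the role of the issuer's signature, so `issuer_key` must equal the
    public_key field of the certificate that was issued *to* the issuer."""
    sig = hmac.new(issuer_key.encode(), _to_be_signed(subject, subject_key),
                   hashlib.sha256).digest()
    return Cert(subject, issuer, subject_key, sig)


def signature_ok(cert: Cert, issuer_key: str) -> bool:
    expected = hmac.new(issuer_key.encode(),
                        _to_be_signed(cert.subject, cert.public_key),
                        hashlib.sha256).digest()
    return hmac.compare_digest(cert.signature, expected)


def tentatively_verify_path(path: List[str], issued: Dict[str, Cert],
                            bridge_key: str) -> bool:
    """Step S1003 as described in [0072]: walk from the terminal admitting CA
    at the downmost stream up toward CAbridge.

    issued[ca] is the certificate that CA `ca` on the path issued to the
    entity directly downstream of it (an end-entity certificate for the
    terminal admitting CA).  The certificate issued by path[i] is verified in
    the light of the certificate path[i-1] issued to path[i], until the
    upstream CA is the bridge.  Checking the bridge-issued certificate against
    the VC's own copy of the bridge key is an assumption of this example (the
    bridge is the VC's trust anchor); the passage itself stops at the bridge."""
    for i in range(len(path) - 1, 0, -1):
        downstream_cert = issued[path[i]]       # issued BY path[i]
        upstream_cert = issued[path[i - 1]]     # issued TO path[i] by path[i-1]
        if downstream_cert.issuer != path[i] or upstream_cert.subject != path[i]:
            return False                        # certificates do not line up
        if not signature_ok(downstream_cert, upstream_cert.public_key):
            return False
    return signature_ok(issued[path[0]], bridge_key)


# Constructed keys; each string is both the holder's signing key and the
# "public key" written into the certificate issued to the holder.
KEYS = {"CAbridge": "k-bridge", "CA11": "k-ca11", "CA13": "k-ca13", "EE3": "k-ee3"}


def build_sample() -> Dict[str, Cert]:
    """Constructed certificates along CAbridge - CA11 - CA13 of Fig. 2, with
    CA13 having issued a certificate to a constructed end entity EE3."""
    return {
        "CAbridge": issue("CAbridge", KEYS["CAbridge"], "CA11", KEYS["CA11"]),
        "CA11": issue("CA11", KEYS["CA11"], "CA13", KEYS["CA13"]),
        "CA13": issue("CA13", KEYS["CA13"], "EE3", KEYS["EE3"]),
    }


if __name__ == "__main__":
    print(tentatively_verify_path(["CAbridge", "CA11", "CA13"], build_sample(),
                                  KEYS["CAbridge"]))
```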
[0074] Next, when the tentative verification of the path has held good, the path verification unit 33 checks whether or not a description of a constraint, such as the names of other certification authorities which are not trusted (Name Constraints) or the maximum path length which is allowed for the authentication of the validity of any public key certificate (the maximum allowable number of certification authorities on the path), exists in the public key certificates obtained from the respective certification authorities CA on the pertinent path. If such a description exists, the unit 33 checks whether or not the pertinent path observes the constraint, and it decides that the verification of the pertinent path has held good only when the constraint is observed.

[0075] By way of example, in a case where the tentative verification of the path extending from the bridge certification authority CAbridge to the terminal admitting certification authority CA26 (CAbridge - CA31 - CA21 - CA22 - CA25 - CA26) in Fig. 2 has held good, the verification of the path shall not have held good when the certification authority CA31 is described as the name of another certification authority not trusted in a public key certificate obtained from the certification authority CA26. Also, in the above case, the verification of the path shall not have held good when a number of certification authorities of 5 is described as the path length in the public key certificate obtained from the certification authority CA26.
[0076] When the respective paths detected by the path search unit 32 have been verified by the path verification unit 33 as stated above, the control unit 38 first clears the registered contents of the path database 31 and thereafter registers the respective paths whose verifications have held good in the path verification unit 33, in the path database 31 in association with the terminal admitting certification authorities CA located at the downmost streams of the corresponding paths and with the public key certificates obtained from the certification authorities CA located on these paths (step S1004).
[0077] On the other hand, the validity term/revocation state examination unit 34 checks whether or not any public key certificate whose validity term has expired exists among the public key certificates registered in the path database 31 (step S1005). If such a validity-term-expired public key certificate exists, the public key certificate database 23 of the issue-origin certification authority CA of the pertinent public key certificate is accessed so as to search for a public key certificate which has been issued anew to the issue destination of the pertinent public key certificate (step S1006).

[0078] If no such new public key certificate exists in the public key certificate database 23 of the issue-origin certification authority CA, the information about the path registered in association with the validity-term-expired public key certificate is deleted from the path database 31 (step S1007). If, on the other hand, such a new public key certificate exists in the public key certificate database 23 of the issue-origin certification authority CA, it is obtained. Further, the verification of the path registered in the path database 31 in association with the validity-term-expired public key certificate is executed to the same purport as at the step S1003, using the public key certificate obtained anew instead of the validity-term-expired public key certificate (step S1008).

[0079] Incidentally, the path verification at the step S1008 may well be replaced with an expedient in which the signature of the public key certificate obtained anew is verified in the light of the public key certificate issued by the certification authority CA located directly upstream of the issue-origin certification authority CA of this public key certificate on the pertinent path, and in which the verification of the pertinent path is regarded as having held good when the verification of the signature has held good.

[0080] Referring to Fig. 8, in a case where the verification of the path has held good ("Yes" at a step S1009), the validity-term-expired public key certificate registered in the path database 31 in association with the pertinent path is replaced by the public key certificate obtained anew (step S1010). On the other hand, in a case where the verification of the path has not held good ("No" at the step S1009), the path registered in association with the validity-term-expired public key certificate is deleted from the path database 31 (step S1011).

[0081] Subsequently, the validity term/revocation state examination unit 34 examines the certificate revocation list (CRL) creation schedule time database 39 so as to search for any certification authority CA associated with a CRL creation schedule time which has already lapsed (step S1012). If such a certification authority CA exists ("Yes" at a step S1013), the CRL holding unit 25 of the pertinent certification authority CA is accessed so as to obtain the newest CRL issued by this certification authority CA (step S1014). Besides, the CRL creation schedule time registered in association with the pertinent certification authority CA in the CRL creation schedule time database 39 is updated to the CRL creation schedule time described in the newest CRL obtained (step S1015).

[0082] Thereafter, the validity term/revocation state examination unit 34 checks whether or not any public key certificate described in the newest CRL obtained is registered in the path database 31 (step S1016). In a case where such a public key certificate is registered, the information about any path associated with this public key certificate is deleted from the path database 31 (step S1017).
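The maintenance pass of steps S1005 to S1017 ([0077]-[0082]), as an added Python example (not the patent's code). The certificate stores, CRLs, integer clock and HMAC signature stand-in are constructed, the S1008 re-verification takes the simplified form of [0079], and the VC is assumed to hold a copy of the bridge key for the case where a bridge-issued certificate is renewed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class Cert:
    serial: str
    subject: str
    issuer: str
    public_key: str
    not_after: int      # end of the validity term (constructed integer clock)
    signature: bytes    # HMAC stand-in for the issuer's signature

@dataclass
class RegisteredPath:
    path: List[str]            # CAbridge ... terminal admitting CA
    certs: Dict[str, Cert]     # issuer on the path -> certificate it issued downstream

@dataclass
class Crl:
    next_creation_time: int    # "next CRL creation schedule time" described in the CRL
    revoked_serials: Set[str]

def _sig(issuer_key: str, subject: str, public_key: str) -> bytes:
    return hmac.new(issuer_key.encode(), f"{subject}|{public_key}".encode(),
                    hashlib.sha256).digest()

def issue(serial, issuer, issuer_key, subject, subject_key, not_after) -> Cert:
    return Cert(serial, subject, issuer, subject_key, not_after,
                _sig(issuer_key, subject, subject_key))

def refresh_expired(path_db: Dict[str, RegisteredPath], cert_dbs: Dict[str, List[Cert]],
                    bridge_key: str, now: int) -> None:
    """Steps S1005-S1011.  cert_dbs[ca] stands in for the public key certificate
    database 23 of CA `ca`; bridge_key is the VC's copy of the bridge key (an
    assumption of this example)."""
    for terminal in list(path_db):
        entry = path_db[terminal]
        for issuer, old in list(entry.certs.items()):
            if old.not_after >= now:
                continue                                    # validity term not expired
            # S1006: look in the issue-origin CA's database for a certificate
            # issued anew to the same issue destination.
            fresh = next((c for c in cert_dbs.get(issuer, [])
                          if c.subject == old.subject and c.not_after >= now), None)
            if fresh is None:
                del path_db[terminal]                       # S1007
                break
            # S1008 in the form of [0079]: verify the new certificate's signature
            # in the light of the certificate issued to its issuer on the path.
            idx = entry.path.index(issuer)
            upstream_key = (bridge_key if idx == 0
                            else entry.certs[entry.path[idx - 1]].public_key)
            expected = _sig(upstream_key, fresh.subject, fresh.public_key)
            if hmac.compare_digest(fresh.signature, expected):
                entry.certs[issuer] = fresh                 # S1010: substitute
            else:
                del path_db[terminal]                       # S1011
                break

def refresh_crls(path_db: Dict[str, RegisteredPath], schedule_db: Dict[str, int],
                 crl_holding: Dict[str, Crl], now: int) -> None:
    """Steps S1012-S1017.  schedule_db is the CRL creation schedule time
    database 39; crl_holding[ca] stands in for the CRL holding unit 25 of CA `ca`."""
    for ca, scheduled in list(schedule_db.items()):
        if scheduled > now:
            continue                                        # S1013: not lapsed yet
        crl = crl_holding[ca]                               # S1014: newest CRL
        schedule_db[ca] = crl.next_creation_time            # S1015
        for terminal in list(path_db):                      # S1016-S1017
            cert = path_db[terminal].certs.get(ca)
            if cert is not None and cert.serial in crl.revoked_serials:
                del path_db[terminal]

KEYS = {"CAbridge": "k-bridge", "CA11": "k-ca11", "CA13": "k-ca13", "EE3": "k-ee3"}

def build_sample(now: int) -> Tuple[Dict[str, RegisteredPath], Dict[str, List[Cert]],
                                    Dict[str, int], Dict[str, Crl]]:
    """Constructed state: the path CAbridge - CA11 - CA13 is registered, the
    end-entity certificate issued by CA13 expired at now - 1 and CA13 has
    issued a new one; CA11's CRL schedule time has lapsed and its newest CRL
    revokes the certificate CA11 issued to CA13."""
    old_ee = issue("13-0001", "CA13", KEYS["CA13"], "EE3", KEYS["EE3"], now - 1)
    new_ee = issue("13-0002", "CA13", KEYS["CA13"], "EE3", KEYS["EE3"], now + 100)
    entry = RegisteredPath(["CAbridge", "CA11", "CA13"], {
        "CAbridge": issue("b-0001", "CAbridge", KEYS["CAbridge"], "CA11", KEYS["CA11"], now + 100),
        "CA11": issue("11-0001", "CA11", KEYS["CA11"], "CA13", KEYS["CA13"], now + 100),
        "CA13": old_ee,
    })
    path_db = {"CA13": entry}
    cert_dbs = {"CA13": [old_ee, new_ee]}
    schedule_db = {"CA11": now - 5, "CA13": now + 50}
    crl_holding = {"CA11": Crl(now + 60, {"11-0001"}), "CA13": Crl(now + 60, set())}
    return path_db, cert_dbs, schedule_db, crl_holding
```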

[0083] There will now be explained the operation of authenticating the validity of a public key certificate.

[0084] Figs. 10 and 11 are flow charts for explaining the operation of authenticating the validity of a public key certificate as executed in the certificate validity authentication center VC in this embodiment.

[0085] Referring to these figures, when the control unit 38 has received from an end entity EE, through the communication unit 36, a request for the authentication of the validity of a public key certificate issued by a terminal admitting certification authority CA other than the terminal admitting certification authority CA admitting that end entity EE, the request containing the name of the terminal admitting certification authority CA admitting the end entity EE (step S2001), it notifies the reception of the request to the validity authentication unit 35. Incidentally, when the name of the terminal admitting certification authority CA is not contained in the request for the authentication of the validity of the public key certificate, a default certification authority CA preset in the certificate validity authentication center VC is set as the terminal admitting certification authority CA admitting the end entity EE. Then, if the terminal admitting certification authority CA having issued the public key certificate whose validity is to be authenticated is other than the terminal admitting certification authority CA thus set, the validity authentication unit 35 is notified accordingly.

[0086] Then, the validity authentication unit 35 checks whether or not a path associated with the terminal admitting certification authority CA having issued the public key certificate, as specified from the description of the certificate being the subject of the request, and a path associated with the terminal admitting certification authority CA which admits the requesting end entity EE, are both registered in the path database 31 (step S2002).

[0087] If, as a result, it has been found that the path associated with the terminal admitting certification authority CA which has issued the subject public key certificate and the path associated with the terminal admitting certification authority CA which admits the requester end entity EE are not both registered in the path database 31, the validity authentication unit 35 notifies the requester end entity EE through the communication unit 36 that the subject public key certificate is not valid (step S2003).

[0088] On the other hand, if it has been confirmed that both the path associated with the terminal admitting certification authority CA which has issued the subject public key certificate and the path associated with the terminal admitting certification authority CA which admits the requester end entity EE are registered in the path database 31, the validity authentication unit 35 further checks whether or not a description of a constraint, such as the names of other certification authorities which are not trusted (Name Constraints) or the maximum path length which is allowed for the authentication of the validity of any public key certificate (the maximum allowable number of certification authorities on the path), exists in the public key certificates registered in the path database 31 in association with either of the two paths (step S2004).

[0089] If no description of such a constraint exists, the validity authentication unit 35 shifts to a step S2006. On the other hand, if a description of such a constraint exists, the validity authentication unit 35 shifts to a step S2005, and it checks whether or not the two paths observe the constraint; in other words, whether or not it is described in the public key certificates that any certification authority on the two paths is not trusted, or whether or not a number of certification authorities smaller than the number of certification authorities located on each of the two paths is described as the maximum path length.

[0090] Here, if such a description exists, the validity authentication unit 35 judges the two paths as failing to observe the constraint and notifies the requester end entity EE through the communication unit 36 that the public key certificate is not valid (step S2003). On the other hand, if no such description exists, the validity authentication unit 35 judges the two paths as observing the constraint, and it shifts to the step S2006.

[0091] At the step S2006, the validity authentication unit 35 checks whether or not the trustworthiness (policy), as indicated by the amount of business or the like of the electronic procedure to be taken by the end entity EE, is contained in the authentication request received from the pertinent end entity EE. In a case where the trustworthiness of the electronic procedure is contained, the unit 35 further checks whether or not a description of trustworthiness which does not satisfy the trustworthiness of the electronic procedure exists in the public key certificates which are registered in the path database 31 in association with either of the two paths (step S2007).

[0092] Here, if such a description exists, the validity authentication unit 35 judges the two paths as unusable for the authentication of the validity of the public key certificate for the electronic procedure to be taken by the requester end entity EE, and this unit notifies the requester end entity EE through the communication unit 36 that the public key certificate is not valid (step S2003).

[0093] On the other hand, in a case where the trustworthiness of the electronic procedure to be taken by the end entity EE is not contained in the authentication request received from the pertinent end entity EE, or in a case where the trustworthiness of the electronic procedure is contained but the trustworthiness described in the public key certificates which are registered in the path database 31 in association with either of the two paths is equal to or higher than that of the electronic procedure, the validity authentication unit 35 judges the public key certificate as being valid and notifies the requester end entity EE through the communication unit 36 that the public key certificate is valid (step S2008).
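The constraint check of [0074]-[0075] and the request handling of steps S2001 to S2008 ([0085]-[0093]), as one added Python example (not the patent's code). Certificates carry only the fields the text names (name constraints, maximum path length, trustworthiness), and the path database is constructed from the CA13 path of Fig. 2 and the six-CA path to CA26 of [0075].

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    name_constraints: FrozenSet[str] = frozenset()  # names of other CAs not trusted
    max_path_length: Optional[int] = None           # maximum allowable number of CAs on a path
    trustworthiness: Optional[int] = None           # policy level; higher is more trustworthy


@dataclass
class RegisteredPath:
    path: List[str]     # CAbridge ... terminal admitting CA
    certs: List[Cert]   # public key certificates obtained from the CAs on the path


@dataclass
class Request:
    subject_cert_issuer: str               # terminal CA that issued the subject certificate
    requester_ca: Optional[str] = None     # terminal CA admitting the requester EE, if named
    trustworthiness: Optional[int] = None  # policy demanded by the electronic procedure


def paths_observe_constraints(entries: List[RegisteredPath]) -> bool:
    """Constraint check used at step S1003 for one path ([0074]-[0075]) and at
    step S2005 for the two paths together ([0089]).  It fails when a
    certificate registered with any of the given paths names a CA on those
    paths as not trusted, or states a maximum path length smaller than the
    number of CAs on the path the certificate belongs to."""
    cas_on_paths = {ca for e in entries for ca in e.path}
    for e in entries:
        for cert in e.certs:
            if cert.name_constraints & cas_on_paths:
                return False
            if cert.max_path_length is not None and cert.max_path_length < len(e.path):
                return False
    return True


def policy_satisfied(entries: List[RegisteredPath], required: Optional[int]) -> bool:
    """Steps S2006-S2007: with no trustworthiness in the request the check is
    skipped; otherwise every trustworthiness described in a certificate on
    either path must be equal to or higher than that of the procedure."""
    if required is None:
        return True
    return all(c.trustworthiness is None or c.trustworthiness >= required
               for e in entries for c in e.certs)


def authenticate_validity(req: Request, path_db: Dict[str, RegisteredPath],
                          default_ca: str) -> Tuple[bool, str]:
    """Steps S2001-S2008 of the validity authentication unit 35; path_db is
    keyed by terminal admitting CA, as the path database 31 is."""
    requester_ca = req.requester_ca or default_ca                  # [0085]
    if req.subject_cert_issuer == requester_ca:
        # Assumption of this example: the VC only handles certificates issued
        # by a terminal CA other than the requester's own.
        raise ValueError("subject certificate issued by the requester's own CA")
    issuer_entry = path_db.get(req.subject_cert_issuer)             # S2002
    requester_entry = path_db.get(requester_ca)
    if issuer_entry is None or requester_entry is None:
        return False, "S2003: path to a terminal admitting CA is not registered"
    both = [issuer_entry, requester_entry]
    if not paths_observe_constraints(both):                          # S2004-S2005
        return False, "S2003: the two paths do not observe a constraint"
    if not policy_satisfied(both, req.trustworthiness):              # S2006-S2007
        return False, "S2003: trustworthiness below that of the procedure"
    return True, "S2008: valid"


PATH_TO_CA13 = ["CAbridge", "CA11", "CA13"]
PATH_TO_CA26 = ["CAbridge", "CA31", "CA21", "CA22", "CA25", "CA26"]


def chain_certs(path: List[str], last: Cert) -> List[Cert]:
    """Plain certificates issued down `path`, with `last` standing for the one
    obtained from the terminal admitting CA at its downmost stream."""
    return [Cert(subject=b, issuer=a) for a, b in zip(path, path[1:])] + [last]


def build_path_db(ca26_cert: Cert) -> Dict[str, RegisteredPath]:
    """Constructed path database holding the two paths of the example."""
    return {
        "CA13": RegisteredPath(PATH_TO_CA13, chain_certs(PATH_TO_CA13, Cert("EE3", "CA13"))),
        "CA26": RegisteredPath(PATH_TO_CA26, chain_certs(PATH_TO_CA26, ca26_cert)),
    }


if __name__ == "__main__":
    db = build_path_db(Cert("EE7", "CA26", name_constraints=frozenset({"CA31"})))
    print(authenticate_validity(Request("CA26", "CA13"), db, "CA13"))
```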
[0094] Thus far, one embodiment of the present invention has been described.

[0095] In this embodiment, paths which extend from the bridge certification authority CAbridge to the respective terminal admitting certification authorities CA are periodically searched for and verified independently of any request by an end entity EE for authenticating the validity of a public key certificate. Besides, in a case where a request for authenticating the validity of a public key certificate has been received from a certain end entity EE, whether or not the public key certificate is valid is judged by checking, against the paths searched for and verified beforehand, whether or not a path through the bridge certification authority CAbridge can be established between the terminal admitting certification authority CA which admits the pertinent end entity EE and the terminal admitting certification authority CA which has issued the public key certificate being the subject of the request. It is accordingly possible to shorten the time period which is expended from the reception of the request for the authentication of the validity of the public key certificate until the authentication of the validity.
[0096] Besides, in this embodiment, in a case where the request for authenticating the validity of a public key certificate has been received from a certain end entity EE, whether or not a path through the bridge certification authority CAbridge can be established between the terminal admitting certification authority CA which admits the pertinent end entity EE and the terminal admitting certification authority CA which has issued the public key certificate being a subject for the request is checked against the paths searched for and verified beforehand, and subject to the establishment of the path, whether or not the subject public key certificate is valid is finally judged in consideration of a constraint (such as the names of other certification authorities which are not trusted (Name Constraints), the maximum path length (the maximum allowable number of certification authorities on the path), or trustworthiness (policy)) which is described in any public key certificate issued by any certification authority on the path. It is accordingly possible to judge the validity of the subject public key certificate more precisely. 

[0097] Incidentally, the present invention is not restricted to the foregoing embodiment, but it can have various modifications within the scope of the purport thereof. 
[0098] By way of example, in the foregoing embodiment, the certificate validity authentication center VC sets the bridge certification authority CAbridge as a start certification authority, and it searches for and verifies paths which extend from the bridge certification authority CAbridge to the individual terminal admitting certification authorities CA. The present invention, however, is not restricted to such an aspect. Any other certification authority CA can also be set as a start certification authority so as to search for and verify paths extending therefrom to the individual terminal admitting certification authorities CA. As a concrete example, in the case where the certification authorities CA are in the relationship shown in Fig. 2, any of the root certification authorities CA11, CA21 and CA31 of the respective security domains SD may well be set as a start certification authority so as to search for and verify paths extending therefrom to the individual terminal admitting certification authorities CA. 

[0099] Besides, in the foregoing embodiment, it is assumed for the brevity of description that, as shown in Fig. 2, the terminal admitting certification authorities CA issue public key certificates to the end entities EE only, while the other certification authorities CA issue public key certificates to the certification authorities CA only. As a matter of course, however, the present invention is similarly applicable also to a case where a PKI system includes a certification authority CA which issues public key certificates to both the end entity EE and the certification authority CA. 
[0100] Further, in the foregoing embodiment, as the construction of the certification authority CA, it is explained that the cross-certification is performed among the root certification authorities of the individual security domains. It is not limited to the root certification authorities, but other certification authorities may perform the cross-certification. 

[0101] As described above, according to the present invention, it is permitted to shorten a time period which is expended from a request for the authentication of the validity of a public key certificate until the authentication of the validity. 



Claims 

1. A certificate validity authentication method wherein validity of a public key certificate issued by a certification authority which is different from a certification authority trusted by a terminal is authenticated in compliance with a request made by the terminal, comprising: 

    the path search step of executing a process in which, with any certification authority set as a start certification authority, an issue destination of a public key certificate issued by the start certification authority is checked, and subject to any certification authority included as the issue destination, an issue destination of a public key certificate issued by the issue-destination certification authority is further checked, the process being continued until all of the issue destinations of the public key certificates become terminals, thereby to search for paths which extend from said start certification authority to terminal admitting certification authorities having issued public key certificates to any terminals; 

    the path verification step of executing for each of the paths detected by said path search step, a process in which, with said start certification authority set at an upstream side, a signature of the public key certificate issued by the terminal admitting certification authority on the pertinent path is verified in the light of the public key certificate issued by the certification authority located directly upstream, and subject to the verification having held good, a signature of the public key certificate issued by the terminal admitting certification authority located directly upstream is verified in the light of the public key certificate issued by the certification authority located directly upstream still further, the process being continued until said certification authority located directly upstream becomes said start certification authority, thereby to verify said paths; 

    the path registration step of registering in a database those of said paths whose verifications have held good by said path verification step; and 

    the validity authentication step of complying with the request of the terminal for authenticating the validity of the public key certificate issued by the terminal admitting certification authority which is different from the certification authority trusted by said terminal, to judge said validity of said public key certificate as having been authenticated when the path between said certification authority trusted by said terminal and said start certification authority and the path between the different terminal admitting certification authority and said start certification authority are held registered in the database. 

2. A certificate validity authentication method according to Claim 1, wherein: 

    said path search step is performed periodically; 
    said path verification step is performed for a newest path searched for by said path search step; and 
    said path registration step updates registered contents of said database to the newest path whose verification has held good by said path verification step. 

3. A certificate validity authentication method according to Claim 1, further comprising: 

    the validity term examination step of examining, for each of said paths registered in said database by said path registration step, validity terms of the public key certificates which the certification authorities on the pertinent path have issued to the certification authorities located directly downstream (to the terminals admitted by the terminal admitting certification authorities in a case where the issue origins are said terminal admitting certification authorities); and 
    the path re-verification step of obtaining any new public key certificate for an issue destination of the public key certificate whose validity term has been authenticated to have expired by said validity term examination step, from the issue origin of the term-expired public key certificate, and verifying at least a signature of the new public key certificate in the light of the public key certificate which has been issued by the certification authority located directly upstream of said issue origin; 

    wherein said path registration step deletes from said database the path including said issue origin and said issue destination of said public key certificate whose validity term has been authenticated to have expired by said validity term examination step, in either of a case where the verification of the signature of said new public key certificate has not held good at said path re-verification step and a case where said new public key certificate has failed to be obtained. 

4. A certificate validity authentication method according to Claim 1, further comprising: 

    the revocation information examination step of examining, for each of said paths registered in said database by said path registration step, revocation information of the public key certificates which the certification authorities on the pertinent path have issued; 

    wherein said path registration step deletes from said database the path including said issue origin and said issue destination of any public key certificate which has been authenticated to have been revoked by said revocation information examination step. 

5. A certificate validity authentication method according to Claim 1, wherein: 

    said validity authentication step complies with said request of said terminal for authenticating said validity of said public key certificate issued by said terminal admitting certification authority which is different from said certification authority trusted by said terminal, to judge said validity of said public key certificate as having failed to be authenticated in a case where a constraint to the effect that any certification authority located on said path between said certification authority trusted by said terminal and said start certification authority and said path between said different terminal admitting certification authority and said start certification authority is not trusted, is described in the public key certificate which any certification authority on the two paths has issued to the certification authority located directly downstream (to the terminal admitted by the terminal admitting certification authority in a case where the issue origin is said terminal admitting certification authority) on the path where the issue-origin certification authority is located, even when said two paths are held registered in said database. 

6. A certificate validity authentication method according to Claim 1, wherein: 

    said validity authentication step complies with said request of said terminal for authenticating said validity of said public key certificate issued by said terminal admitting certification authority which is different from said certification authority trusted by said terminal, to judge said validity of said public key certificate as having failed to be authenticated in a case where the total number of certification authorities located on said path between said certification authority trusted by said terminal and said start certification authority and said path between said different terminal admitting certification authority and said start certification authority exceeds a path length (the maximum allowable number of certification authorities located on the two paths) described in the public key certificate which any certification authority on said two paths has issued to the certification authority located directly downstream (to the terminal admitted by the terminal admitting certification authority in a case where the issue origin is said terminal admitting certification authority) on the path where the issue-origin certification authority is located, even when said two paths are held registered in said database. 

7. A certificate validity authentication method according to Claim 1, wherein: 

    said validity authentication step complies with said request of said terminal for authenticating said validity of said public key certificate issued by said terminal admitting certification authority which is different from said certification authority trusted by said terminal, said request accompanying presentation of trustworthiness required of an electronic procedure intended by said terminal, to judge said validity of said public key certificate as having failed to be authenticated in a case where trustworthiness (policy) described in the public key certificate which any certification authority located on said path between said certification authority trusted by said terminal and said start certification authority and said path between said different terminal admitting certification authority and said start certification authority has issued to the certification authority located directly downstream (to the terminal admitted by the terminal admitting certification authority in a case where the issue origin is said terminal admitting certification authority) on the path where the issue-origin certification authority is located is lower than the trustworthiness required of the electronic procedure, even when the two paths are held registered in said database. 

8. A certificate validity authentication method according to Claim 1, wherein said start certification authority is a bridge certification authority which performs cross-certification with respective root certification authorities of at least two security domains. 

9. A certificate validity authentication apparatus wherein validity of a public key certificate issued by a certification authority which is different from a certification authority trusted by a terminal is authenticated in compliance with a request made by the terminal, comprising: 

    path search means for executing a process in which, with any certification authority set as a start certification authority, an issue destination of a public key certificate issued by the start certification authority is checked, and subject to any certification authority included as the issue destination, an issue destination of a public key certificate issued by the issue-destination certification authority is further checked, the process being continued until all of the issue destinations of the public key certificates become terminals, thereby to search for paths which extend from said start certification authority to terminal admitting certification authorities having issued public key certificates to any terminals; 

    path verification means for executing for each of the paths detected by said path search means, a process in which, with said start certification authority set at an upstream side, a signature of the public key certificate issued by the terminal admitting certification authority on the pertinent path is verified in the light of the public key certificate issued by the certification authority located directly upstream, and subject to the verification having held good, a signature of the public key certificate issued by the terminal admitting certification authority located directly upstream is verified in the light of the public key certificate issued by the certification authority located directly upstream still further, the process being continued until said certification authority located directly upstream becomes said start certification authority, thereby to verify said paths; 

    path registration means for registering in a database those of said paths whose verifications have held good by said path verification means; and 

    validity authentication means complying with the request of the terminal for authenticating the validity of the public key certificate issued by the terminal admitting certification authority which is different from the certification authority trusted by said terminal, to judge said validity of said public key certificate as having been authenticated when the path between said certification authority trusted by said terminal and said start certification authority and the path between the different terminal admitting certification authority and said start certification authority are held registered in the database. 

10. A storage medium which stores therein a program for authenticating validity of a public key certificate issued by a certification authority different from a certification authority trusted by a terminal, in compliance with a request made by the terminal; 

    the program being read and run by an electronic computer, thereby to build on the electronic computer: 

        path search means for executing a process in which, with any certification authority set as a start certification authority, an issue destination of a public key certificate issued by the start certification authority is checked, and subject to any certification authority included as the issue destination, an issue destination of a public key certificate issued by the issue-destination certification authority is further checked, the process being continued until all of the issue destinations of the public key certificates become terminals, thereby to search for paths which extend from said start certification authority to terminal admitting certification authorities having issued public key certificates to any terminals; 

        path verification means for executing for each of the paths detected by said path search means, a process in which, with said start certification authority set at an upstream side, a signature of the public key certificate issued by the terminal admitting certification authority on the pertinent path is verified in the light of the public key certificate issued by the certification authority located directly upstream, and subject to the verification having held good, a signature of the public key certificate issued by the terminal admitting certification authority located directly upstream is verified in the light of the public key certificate issued by the certification authority located directly upstream still further, the process being continued until said certification authority located directly upstream becomes said start certification authority, thereby to verify said paths; 

        path registration means for registering in a database those of said paths whose verifications have held good by said path verification means; and 

        validity authentication means complying with the request of the terminal for authenticating the validity of the public key certificate issued by the terminal admitting certification authority which is different from the certification authority trusted by said terminal, to judge said validity of said public key certificate as having been authenticated when the path between said certification authority trusted by said terminal and said start certification authority and the path between the different terminal admitting certification authority and said start certification authority are held registered in the database. 
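The mechanism of paragraphs [0095]-[0096] and Claims 1-7 (periodic path search and verification from a start certification authority, registration in a path database, and the two-path check with Name Constraints, path length and policy constraints at request time), as an added example in Python that is not part of the patent: a toy certificate validity authentication center. Signatures are a keyed SHA-256 stand-in rather than real X.509 signatures, and the CA names, keys and topology are constructed sample data.

```python
import hashlib
from collections import deque
from dataclasses import dataclass

def _sig(key, issuer, subject):
    # Symmetric stand-in for an asymmetric signature: a hash keyed with the issuer's key.
    return hashlib.sha256(f"{key}|{issuer}|{subject}".encode()).hexdigest()

@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    subject_key: str                      # key the issuer certifies for the subject
    sig: str                              # made with the issuer's own key
    revoked: bool = False                 # Claim 4: revocation information, modelled as a flag
    max_len: int = 0                      # Claim 6: max number of CAs on the two paths (0 = no limit)
    policy: int = 3                       # Claim 7: trustworthiness (policy) of the certificate
    not_trusted: frozenset = frozenset()  # Claim 5: Name Constraints, CA names not trusted
def issue(issuer, subject, subject_key=None, **c):
    # The issuer signs with its key from the constructed KEYS table defined below.
    return Cert(issuer, subject, subject_key or KEYS[subject], _sig(KEYS[issuer], issuer, subject), **c)

class ValidityCenter:
    """Toy certificate validity authentication center VC with its path database."""
    def __init__(self, certs, start, start_key, terminals):
        self.certs, self.start, self.start_key, self.terminals = certs, start, start_key, terminals
        self.link = {(c.issuer, c.subject): c for c in certs}   # one certificate per (issuer, subject)
        self.path_db = {}                 # terminal admitting CA -> verified path from the start CA
    def _key_of(self, path):
        # Key of the last CA on the path, taken from the certificate its upstream CA issued to it.
        return self.start_key if len(path) == 1 else self.link[path[-2], path[-1]].subject_key
    def search_paths(self):
        """Path search: follow issue destinations from the start CA until they are terminals."""
        queue, paths = deque([(self.start,)]), []
        while queue:
            path = queue.popleft()
            for c in (c for c in self.certs if c.issuer == path[-1]):
                if c.subject in self.terminals:
                    if path not in paths: paths.append(path)   # path[-1] admits terminals
                elif c.subject not in path:                    # skip cycles from mutual cross-certs
                    queue.append(path + (c.subject,))
        return paths
    def verify_path(self, path):
        """Path verification from the terminal admitting CA up to the start CA, each link checked with the key certified one step upstream."""
        for i in range(len(path) - 1, 0, -1):
            link = self.link[path[i - 1], path[i]]
            if link.revoked or link.sig != _sig(self._key_of(path[:i]), link.issuer, link.subject):
                return False
        return True
    def refresh(self):
        """Periodic run (Claim 2): search, verify and re-register the newest verified paths."""
        self.path_db = {p[-1]: p for p in self.search_paths() if self.verify_path(p)}
    def authenticate(self, trusted_ca, cert, required_policy=None):
        """Request handling: valid only if both paths are registered and no constraint fails."""
        p1, p2 = self.path_db.get(trusted_ca), self.path_db.get(cert.issuer)
        if p1 is None or p2 is None or cert.sig != _sig(self._key_of(p2), cert.issuer, cert.subject):
            return False
        cas = set(p1) | set(p2)           # all CAs located on the two paths
        links = [self.link[a, b] for p in (p1, p2) for a, b in zip(p, p[1:])] + [cert]
        return not any(cas & c.not_trusted or 0 < c.max_len < len(cas)
                       or (required_policy is not None and c.policy < required_policy) for c in links)

# Constructed sample PKI: a bridge CA cross-certified with the root CAs of three security domains.
KEYS = {n: f"key-{n}" for n in ["CAbridge", "CA11", "CA12", "CA21", "CA22", "CA31", "CA32"]}
CERTS = [issue("CAbridge", "CA11"), issue("CA11", "CAbridge"), issue("CA11", "CA12"),
         issue("CAbridge", "CA21", not_trusted=frozenset({"CA31"})), issue("CA21", "CA22"),
         issue("CAbridge", "CA31", max_len=3), issue("CA31", "CA32"), issue("CA12", "EE1", "key-EE1"),
         issue("CA22", "EE2", "key-EE2", policy=1), issue("CA32", "EE3", "key-EE3")]
VC = ValidityCenter(CERTS, "CAbridge", KEYS["CAbridge"], {"EE1", "EE2", "EE3"})
VC.refresh()
```

With this data, EE1 (admitted by CA12) asking about EE2's certificate succeeds, while EE3's certificate fails on the path length constraint carried by the bridge's certificate to CA31.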
FIG.5 
FIG.7 OPERATION OF SEARCHING FOR, VERIFYING AND MANAGING PATHS (flowchart, steps S1001 to S1008: SEARCH FOR PATHS; VERIFY PATHS; REGISTER PATHS WHOSE VERIFICATIONS HAVE HELD GOOD, IN PATH DB; VERIFY PATH ASSOCIATED WITH TERM-EXPIRED CERTIFICATE, BY USING NEW CERTIFICATE; DELETE PATH ASSOCIATED WITH TERM-EXPIRED CERTIFICATE, FROM PATH DB) 
EP1 185 027 A2 
FIG.8 OPERATION OF SEARCHING FOR, VERIFYING AND MANAGING PATHS (flowchart continued, steps S1009 to S1017: SUBSTITUTE TERM-EXPIRED CERTIFICATE IN PATH DB, BY NEW CERTIFICATE; DELETE PATH ASSOCIATED WITH TERM-EXPIRED CERTIFICATE, FROM PATH DB; SEARCH FOR CERTIFICATION AUTHORITY CA WHOSE CREATION SCHEDULE TIME FOR CERTIFICATION REVOCATION LIST (CRL) HAS LAPSED; OBTAIN NEWEST CRL FROM DETECTED CERTIFICATION AUTHORITY CA; UPDATE CRL CREATION SCHEDULE TIME OF DETECTED CERTIFICATION AUTHORITY CA; DELETE PATH ASSOCIATED WITH CERTIFICATE INCLUDED IN LIST, FROM PATH DB) 
FIG.9 